I've already spend hours on this simple code. Email arrives, but fields like name email newsletter are empty. It must be something stupid but it drives me crazzy that it's not working when it's just simple form.
Also, if you know, can you please help me prevent user from clicking on form twice and sending multiple emails. Thank you a lot!
<?php
$name = strip_tags(htmlspecialchars($_GET['name']));
$email_address = strip_tags(htmlspecialchars($_GET['email']));
$message = strip_tags(htmlspecialchars($_GET['message']));
$newsletter = strip_tags(htmlspecialchars($_GET['newsletter']));
// Create the email and send the message
$to = 'xxx#xxx.com';
$email_subject = "Message from from : $name";
$email_body = "Message from form arrived.\n\n"."Message details:\n\nName: $name\n\nEmail: $email_address\n\nPhone: $newsletter\n\nMessage:\n$message";
$headers = "From: form#xxx.com\n";
$headers .= "Reply-To: $email_address";
mail($to,$email_subject,$email_body,$headers);
?>
<form method="GET">
<span>Name</span>
<input type="text" name="name" placeholder="Your name"><br />
<span>E-mail</span>
<input type="email" name="email" placeholder="E-mail"><br />
<div>Message</div>
<textarea type="text" name="message" rows="8" cols="80"></textarea><br />
<input type="checkbox" name="newsletter" id="newsletter">
<label for="newsletter">I wold like to get email infromations</label><br />
<button type="submit">Send</button>
<span class="message"></span>
</form>
You may prefer HEREDOC syntax when working with lengthy strings that include variables, like you would use to generate email content. If your variables are being populated correctly, then this should work.
$email_body = <<<EOT
Message from form arrived.
Message details:
Name: $name
Email: $email_address
Phone: $newsletter
Message:
$message
EOT;
Related
This question already has answers here:
PHP email form shooting blank emails
(4 answers)
Closed 2 years ago.
I have a contact form on two different websites I have made for clients.
At around 8-9pm everyday a blank message is sent using the contact form and straight to my clients' respective email addresses.
PHP:
<?php
$name = $_POST['full-name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = $_POST['full-name'];
$to = 'mobileguitarworkshop#hotmail.com';
if(!empty($_POST['field'])) die();
$email_from = 'mobileguitarworkshop#hotmail.com';
$email_subject = "Enquiry from $name.\n";
$body = "From: $name.\n".
"Email: $email.\n".
"Message: $message.\n";
$headers = "From: $email \r\n";
$headers .= "Reply-To: $email \r\n";
mail($to, $email_subject, $body, $headers);
header("Location: http://mobileguitarworkshop.co.uk/success.html");
exit();
?>
HTML:
<form action="contact.php" method="post" class="contact-form">
<label for="full-name">Name</label>
<input name="full-name" type="text" id="full-name" required>
<input type="text" id="field" name="field"/>
<label for="phone">Phone</label>
<input name="phone" type="tel" id="phone">
<label for="email">Email address</label>
<input name="email" type="text" id="email" required>
<label for="message">Message</label>
<textarea name="message" id="message"></textarea>
<input name="send" type="submit" value="SEND" id="sendBtn">
</form>
I've tried adding 'required' to the Name and Email Address inputs to stop spammers, and also a hidden field that, if filled, directs them to 'success.html' without posting the message.
If anyone can explain why this is happening that would be great. The hosting service I'm using is 1&1 IONOS.
Thanks,
Jack
The spammers may be sending a request directly to the contact form endpoint, bypassing your form entirely. This means that required fields in the html wont do much to stop that. You'll need to check those properties on the backend to prevent those submissions. Something like this would work:
if(empty($_POST['full-name']) || empty($_POST['email'])) {
die();
}
If I were you, I'd also look into implementing a CSRF token. See How to properly add CSRF token using PHP
While we're talking, we really should sanitize the $_POST['message']; with something like the below to remove any questionable html content your users may have submitted:
$message = strip_tags($_POST['message']);
Okay, so I've got a VPS with sendmail running as well as php5. The mail server works because I tested somebody elses php contact script and it succesfully sent me an email via a submit button. I can't however seem to get my script to work. Here it is:
<?php
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];
$email_from = $visitor_email;
$email_subject = "You got work yo!";
$email_body = $message
$to = "myemail#gmail.com";
$headers = "from: $visitor_email \r\n";
mail($to,$email_subject,$email_body,$headers);
?>
Here is the html
<form action="email.php" name="emailform" method="post">
Name:<input type="text" name="name">
<br/>
Email:<input type="text" name="email">
</br>
Message:<input type="text" name="message">
<input type="submit" value="Send Form">
</form>
Thanks for the help
You have a syntax error: you are missing a semicolon after $email_body = $message. This is causing your script to fail with a white screen.
Tip for the future: if you had any output in your PHP or checked the logs, you would have caught this.
Well, I have gotten the submit to work... somehow. But the email comes and it only contains my email as the body of the message (not even the email entered into the form)... no name, no phone number, no radio answers, ect.
Ok. I have finally gotten the html form to do SOMETHING. Unfortunately, when you hit "submit" it directs to a page that says this: Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator to inform of the time the error occurred and of anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Here is the PHP code:
<?php
if (!isset($_POST['submit'])) {
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$telephone = $_POST['phone'];
$visitor_email = $_POST['email'];
//Validate first
if (empty($name) || empty($visitor_email)) {
echo "Name and email are mandatory!";
exit;
}
if (IsInjected($visitor_email)) {
echo "Bad email value!";
exit;
}
$email_from = 'heather#thetrinitydesign.com'; //<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n" . "Here is the message:\n $message" . $to = "heather#thetrinitydesign.com"; //<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to, $email_subject, $email_body, $headers);
//done. redirect to thank-you page.
header('Location: thank_you.html');
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array(
'(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if (preg_match($inject, $str)) {
return true;
} else {
return false;
}
}
?>
And the HTML. I feel like I need to have each of the questions I asked represented in the PHP file. Is this correct? And I have seen so many things preface the $POST thing that I am completely lost.
<form action="form-to-email.php" method="post" enctype="multipart/form-data" name="Info Form" id="Info Form">
<p class="form">Name:
<input name="Name" type="text" class="formbox" id="Name" size="20" />
</p>
<p class="form"> Phone:
<input name="Phone" type="text" class="formbox" id="Phone" size="12" maxlength="12" /></p>
<p class="form">Email:
<span id="sprytextfield2">
<input name="Email" type="text" class="formbox" id="Email" />
<span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span> </p>
<p class="form">
<label>Have you ever had Custom Interior Design work before?<br />
Here is the submit:
<br />
<input name="Submit" type="submit" id="button" value="Submit" />
<br />
</p>
<p class="form">
Just above the validate first comment is a $ that should not be there.
As well as all of the suggestions mentioned, I am going to hazard a guess that the internal error is because the form is posting to 'form-to-email.php', this needs to match the filename of your php file.
change this
<input name="Submit" type="submit" id="button" value="Submit" />
to
<input name="submit" type="submit" id="button" value="Submit" />
^ This should be lowercase here, see below
The code below needs to match the name above.... exactly...
if (!isset($_POST['submit'])) {
^ here!!!!
These two values need to match exactly...
$_POST['THIS'] and <input name="THIS" .../>
As Quinny has pointed out, you make this error with almost all the form inputs...
<input name="Email" .../> should be <input name="email" .../>
<input name="Phone" .../> should be <input name="phone" .../>
<input name="Name" ..../> should be <input name="name" ..../>
It looks to me like you are flying by the seat of your pants, and are just trying to get it working. Spend a little more time learn what is actually happening.
PHP Forms a great tutorial on how to get forms working.
a few things to note:
santize your $_POST data. make sure all data is safe. not just your email data.
look into coding standards, there a bunch, pick one drupals coding standards
give all form elements a name and id, not just an id, when you get into javscript later on, which you may or may not, this will be much easier.
avoid spaces in ids/names form name='Info Form' not a huge deal, could get ugly later on.
you can run the php file from command line, and get some good error details there.
turn on php error reporting Show Errors
these are just a few, not trying to be smug, trying to point you in the right direction.
EDIT:
change this:
$email_from = 'heather#thetrinitydesign.com'; //<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n" . "Here is the message:\n $message" . $to = "heather#thetrinitydesign.com"; //<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to, $email_subject, $email_body, $headers);
to this:
$message = "Hello My Friend";
$email_from = 'heather#thetrinitydesign.com';
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n" . "Here is the message:\n $message";
$to = $_POST['Email']; //<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to, $email_subject, $email_body, $headers);
This will send an email from heather#thetrinitydesign.com to "what ever you type in email"
with the message
"You have received a new message from the user "what ever you type in name"
"Here is the message:
Hello My Friend";
I have a HTML form with 4 id (name, email, message, subject), a js with all the variables declared and a PHP that should send the mail.
HTML
<form id="formail" method="post" action="">
<input type="text" id="nome" name="nome" value="" size="22" /><br />
<input type="text" id="email" name="email" value="" size="54" /><br />
<textarea id="messaggio" name="messaggio" rows="1" cols="55" style="resize: none;"></textarea><br />
<input type="text" id="subject" name="subject" value="" size="22" /><br />
<input type="submit" id="send" name="send" value="" style="cursor: pointer"/>
<br />
<div id="answer"></div>
</form>
This is the js
var valid = '';
var isr = ' requested.</h6>';
var name = $("#nome").val();
var mail = $("#email").val();
var subject = $("#subject").val();
var messaggio = $("#messaggio").val();
(follow controls about the name and mail, and the send function)
This is the php
$mail = trim($_POST['mail']);
$name = $_POST['name'];
$text = $_POST['messaggio'];
$subject = $_POST['subject'];
$ip = $_SERVER['REMOTE_ADDR'];
$to = "admin#test.com";
$message = "Username: ".$name.", ".$mail.".<br />";
$message .= "Subject: ".$subject.".<br />";
$message .= "Messaggio: <br />".$text."<br /><br />";
$message .= "IP: ".$ip."<br />";
$headers = "From: ".$mail." \r\n";
$headers .= "Reply-To: ".$mail." \r\n";
$headers .= "MIME-Version: 1.0 \n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1 \n";
if(mail($to, $subject, $message, $headers)){
echo "<h6>Message sent!</h6>";
}
I posted only the relevant code. When I click send I'll receive the mail, however the field "subject" is blank, as if the variables "subject" had been ignored.
Could you please help me? I'm starting to learn PHP but I'm still a newbie. Thank you.
Where is your mail function?
use following mail function:
mail($to-mail,$subject,$message,$header);
Two key points here:
a) Not sure exactly what function you're using to actually send the mail, but assuming PHP mail() you will need to use the $subject as the second parameter.
b) If you publish this on the open web you will be exploited as an open relay by spammers.
The attack you are vulnerable to is called 'header injection'.
In short, if I submit my 'mail' value as myemail#example.org%0ABcc:poorsap#example.com the script will add an extra line (the %0A is a linefeed), and submit to mail() with an extra Bcc header for however many emails I like (in this case poorsap#example.org).
Please take a read through this: http://www.securephpwiki.com/index.php/Email_Injection and consider using an alternate library to avoid this problem.
I am a web designer, and dont really know much about PHP. I have a form, and I want the values to be sent to three email addresses.
Here is my HTML:
<form id="player" method="post" action="process.php">
<label for="name">Your Name</label>
<input type="text" name="name" title="Enter your name" class="required">
<label for="phone">Daytime Phone</label>
<input type="tel" name="phone" class="required">
<label for="email">Email</label>
<input type="email" name="email" title="Enter your e-mail address" class="required email">
<input type="submit" name="submit" class="button" id="submit" value="I'd like to join Now" />
</form>
I have somehow found a PHP code that should send the data to ONE email address only, but I dont even know if it works or not.
Here is the code for that:
<?php
// Get Data
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$phone = strip_tags($_POST['phone']);
$url = strip_tags($_POST['url']);
$message = strip_tags($_POST['message']);
// Send Message
mail( "you#youremail.com", "Contact Form Submission",
"Name: $name\nEmail: $email\nPhone: $phone\nWebsite: $url\nMessage: $message\n",
"From: Forms <forms#example.net>" );
?>
Thanks
Add headers
<?php
// Get Data
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$phone = strip_tags($_POST['phone']);
$url = strip_tags($_POST['url']);
$message = strip_tags($_POST['message']);
$headers .="From: Forms <forms#example.net>";
$headers .="CC: Mail1 <Mail1#example.net>";
$headers .=", Mail2 <Mail2#example.net>";
// Send Message
mail( "you#youremail.com", "Contact Form Submission",
"Name: $name\nEmail: $email\nPhone: $phone\nWebsite: $url\nMessage: $message\n",
$headers );
?>
You should be able to separate email addresses with commas in the first parameter of the mail() function, i.e.
mail('email1#example.com, email2#example.com', $subject, $message, $headers);
Or sepcific CC and optionally BCC addresses as per Ahmad's answer.
The mail function (which is used in the code that you posted) allows you to specify multiple recipients. See the PHP documentation of that function for details: http://php.net/manual/en/function.mail.php
Edit: You basically need to replace the "you#youremail.com" part with a list of addresses, separated by commas, e.g.:
mail("you#youremail.com,somebody#domain.com,anotherone#domain.com", ...
use
$to = "email#email.com"
$to .= ", anotheremail#email.com";
this will help you to create multiple recipient.